"/authazws/AuthRestService" fails to authenticate any users

Document ID : KB000101626
Last Modified Date : 15/06/2018
Issue:
"/authazws/AuthRestService" fails to authenticate any users
Description:
We have Access Gateway (SPS) deployed in our environments with "authazws" enabled. Basically we use its "/authazws/AuthRestService/login" and "/authazws/AuthRestService/authz" RESTful services through our in-house-built Security API. 

Calling "/authazws/AuthRestService/login" on the new SPS always returned a "LOGIN_FAILED" result, even though the same request sent to the existing SPS was authenticated OK.

The same user authenticated OK when tested in the Policy Server Test Tool.

smps.log:
[ERROR][sm-Ldap-00650] CSmDsLdapProvider::Search(): Wrong syntax of LDAP search filter: (uid=)

Wireshark shows the following response from the web services:
<loginResponse><authenticationResponses/><message>Authentication Failed</message><resultCode>LOGIN_FAILED</resultCode></loginResponse>

sps-trace.log: 
User 'unknown' is not authenticated by Policy Server.

smtracedefault.log: 
LogMessage:ERROR:[sm-Ldap-00650] CSmDsLdapProvider::Search(): Wrong syntax of LDAP search filter: (uid=)

server.log: SM_USERDN and SM_USER are empty:
Header SM_USERDN :
Header SM_USER :
Environment:
SSO 12.8 - Policy Server and Access Gateway.
Windows Server 2016
Resolution:
The customer was using the following XML to log in:
 
<loginRequest> 
  <binaryCreds></binaryCreds> 
  <userName>USERNAME</userName> 
  <password>PASSWORD</password> 
  <action>GET</action> 
</loginRequest>

This was solved by changing:
<userName>USERNAME</userName>
To:
<username>USERNAME</username>

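It looks as if "userName" was changed to "username" (or became case sensitive) between 12.7 and 12.8. That would leave the user name empty when the request reaches the Policy Server, which matches the "(uid=)" search filter and the empty SM_USER header in the logs above. This is reflected in a difference in the documentation: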

12.7 uses userName: 

https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/ca-access-gateway-configuration/configuring-the-authentication-and-authorization-web-services#ConfiguringtheAuthenticationandAuthorizationWebServices-AuthenticationRESTInterface 

12.8 uses username: 

https://docops.ca.com/ca-single-sign-on/12-8/en/configuring/ca-access-gateway-configuration/configuring-the-authentication-and-authorization-web-services#ConfiguringtheAuthenticationandAuthorizationWebServices-AuthenticationRESTInterface
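
The following is an added example, not CA code or part of the original article: a pre-flight check for loginRequest bodies that flags elements whose name differs only by case from what the target release expects, plus a log check for the empty-filter symptom. The function names and the per-release element sets are assumptions built from the request shown in the Resolution section; only the user-name element is documented on this page as differing.

```python
import re
import xml.etree.ElementTree as ET

# Element names per release, taken from the request shown on this page.
# Only the user-name element differs; the rest are assumed unchanged.
EXPECTED = {
    "12.7": {"binaryCreds", "userName", "password", "action"},
    "12.8": {"binaryCreds", "username", "password", "action"},
}

def lint_login_request(xml_text, version):
    """Return a list of problems with a loginRequest body for `version`."""
    expected = EXPECTED[version]
    by_lower = {name.lower(): name for name in expected}
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != "loginRequest":
        problems.append(f"root element is <{root.tag}>, expected <loginRequest>")
    for child in root:
        if child.tag in expected:
            continue
        hint = by_lower.get(child.tag.lower())
        if hint:  # right name, wrong case: XML element names are case sensitive
            problems.append(f"<{child.tag}> should be <{hint}> for {version}")
        else:
            problems.append(f"<{child.tag}> is not a known element")
    return problems

# An LDAP filter with an empty assertion value, e.g. "(uid=)", in a log line.
EMPTY_FILTER = re.compile(r"LDAP search filter: \((\w+)=\)")

def empty_filter_attrs(log_lines):
    """Return the attribute names of empty LDAP filters seen in the log."""
    return [m.group(1) for line in log_lines if (m := EMPTY_FILTER.search(line))]

# Constructed sample input, modelled on the request and smps.log line above.
SAMPLE_REQUEST = """<loginRequest>
  <binaryCreds></binaryCreds>
  <userName>USERNAME</userName>
  <password>PASSWORD</password>
  <action>GET</action>
</loginRequest>"""
SAMPLE_LOG = [
    "[ERROR][sm-Ldap-00650] CSmDsLdapProvider::Search(): "
    "Wrong syntax of LDAP search filter: (uid=)",
]

if __name__ == "__main__":
    print(lint_login_request(SAMPLE_REQUEST, "12.8"))
    print(empty_filter_attrs(SAMPLE_LOG))
```

Running the lint against client request templates before an upgrade catches the rename without waiting for LOGIN_FAILED responses in production.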